Jacques Marneweck's Blog

There is a change with references which breaks backwards compatibility in version of PHP >= 4.4.0.

Many people seem, including myself, at times have incorrectly used references in code similar to John's code below:

<?php
function &dosomething($a)
{
    $b = false;
    return empty($a) ? $b : $a;
}

According to resident PHP guru Derick Rethans, "this is actually correct behavior. The ?: operator creates a copy and the you returning by reference doesn't work of course." On his blog he also wrote:

Through Planet PHP I saw the blog entry "Is PHP staying the language I want to work with?", for with comments are cowardly disabled. Although the way classes are handled is debatable, moaning that PHP 4.4 breaks "return ($ret)" when returning by reference only shows that the programmer has had no clue about references in the first place. If you place () around a variable, you're making it an expression. You can only return variables by references, not expressions. The return-by-reference in this function never could have worked as it should have in the first place. Clue: Don't use "return ()", but just "return ".

Derick also has a article in the June 2005 issue of php|architect where he explains what references are in more detail.

The PHP Manual is a bit misleading about returning references on the return() function page but on the returning values page it shows one should be returning references without using the ()'s as part of the call to return.

Posted by Jacques Marneweck at 5:44 PM | Permalink | Comments (0) | TrackBacks (0)

Every single day, 30,000 children die, needlessly, of extreme poverty.

On July 6th, we finally have the opportunity to stop that shameful statistic.

8 world leaders, gathered in Scotland for the G8 summit, will be presented with a workable plan to double aid, drop the debt and make the trade laws fair. If these 8 men agree, then we will become the generation that made poverty history.

But they'll only do it if enough people tell them to.

We don't want your money - we want you!

Visit these sites to find out more:

• Make Poverty History
• Commission for Africa
• Live 8 Live

Posted by Jacques Marneweck at 6:25 PM | Permalink | Comments (0) | TrackBacks (0)

Busy configuring slony 1.1.0 for replicating between various hosts. It is way easier to configure slony 1.1.0 over the 1.0.x series.

Does anyone know of any decent open source PostgreSQL benchmarking software similar to the Super Smack utility for benchmarking MySQL database servers?

Posted by Jacques Marneweck at 4:37 PM | Permalink | Comments (0) | TrackBacks (0)

Ask Bjørn Hansen located a useful resource of world cities from Maxmind which looks interesting as it provides generic co-ordinates for cities and suburbs across the globe which is used for the Geourl site.

Posted by Jacques Marneweck at 12:54 PM | Permalink | Comments (0) | TrackBacks (0)

There is an interview on the OSNews site with three core FreeBSD developers John Baldwin, Robert Watson and Scott Long. They discuss the up and coming FreeBSD version 6 and it's new features, the competition, Darwin, and quite a bit more.

Posted by Jacques Marneweck at 5:55 PM | Permalink | Comments (0) | TrackBacks (0)

PHP 5.1 Beta 2 is now available! A lot of work has been put into this upcoming release and we believe it is ready for public testing.

Some of the key improvements of PHP 5.1 include:

• PDO (PHP Data Objects) - A new native database abstraction layer providing performance, ease-of-use, and flexibility.
• Significantly improved language performance mainly due to the new Zend Engine II execution architecture.
• The PCRE extension has been updated to PCRE 5.0.
• Many more improvements including lots of new functionality & many bug fixes, especially in regards to SOAP, streams and SPL.
• See the bundled NEWS file for a more complete list of changes.

Posted by Jacques Marneweck at 5:39 PM | Permalink | Comments (0) | TrackBacks (0)

Mike Lawrie wrote in a email yesterday that the .ZA primary DNS server is coming home. Currently it's in the process of first moving from the US to RIPE in the Netherlands in the interim to a server hosted at the Internet Solutions in Johannesburg.

This is just a "heads up" for watchers of the ZA namespace.

The ZA primary zonefile is about to be moved to nsza.is.co.za. The ZA DNA has asked me to oversee this move. This move is coinciding with a forced change of one of the secondaries and a recommended change of another. The target completion date is 28 June.

In essence, the process involves freezing the existing primary zonefile at rain.psg.com, activating the zonefile on nsza.is.co.za, getting the ZA secondaries to update from the new primary, slotting in the changes to the ZA zonefile, and getting ICANN to update the root-servers accordingly. In theory, not overly difficult, and transparent to users.

If anyone spots a problem with the ZA nameservers during this migration period, please contact me as soon as possible. We cannot afford to have the ZA domain hiccup during this (or indeed, any other) period.

It will be good, and very appropriate, to have the zonefile back in South Africa again.

Posted by Jacques Marneweck at 5:18 PM | Permalink | Comments (0) | TrackBacks (0)

Been looking at pgmemcache which was written by Sean Chittenden of the FreeBSD project.

I'm in the process of submitting a patch for the port for pgmemcache to the FreeBSD project for it to be included in the ports tree. The status of the ports tree addition are on the pgmemcached pr page.

Posted by Jacques Marneweck at 3:56 PM | Permalink | Comments (0) | TrackBacks (0)

A fine implementation of the object-overloading paradigm has found its way into PHP version 5. This article explores the possibilities of the overload methods __call(), __set(), and __get(). After explaining the basic theory of overloading, it dives straight into the topic by using two practical examples: first, implementing persistable classes, and second, figuring out a way to realize dynamic getter and setter methods. If you do not yet know what these terms mean, don't be afraid--it will become clear to you when you see the example code.

Check out Martin's article.

Posted by Jacques Marneweck at 6:36 PM | Permalink | Comments (0) | TrackBacks (0)

When reporting bugs to the PHP one user claims to be having "Legal Issues", hence he cannot submit repoduce code. Derick reports:

Some times people don't want to submit their code when filing a bug report for PHP because of "Legal Reasons". They simply assume we can fix it even with their very vague reasons. Usually we persist in asking for more information because we're nice and want to help those people who think they found a bug anyway. Sometimes this gives hiliarius responses. Come on, your über-cool "new technology" with PHP - we're that ones that gave you the tool to write your "new technology" in the first place. Even better is when they claim that "they're not allowed to tell you what it is".

But it gets, better - now the guy is even offering that we debug his large application for us, but we need to sign an NDA as well then. I'm not sure in which world this guy lives, but an NDA for a bug report? :) If you can't make a short reproducable case, then you're pretty much lost anyway. I just ended up asking how much they pay.

Posted by Jacques Marneweck at 8:25 AM | Permalink | Comments (0) | TrackBacks (0)

Picked up from over at Damien's site:

Over the past few months, I've mentioned in my weblob a number of new and exciting layout techniques that have surfaced. Below is a summary of the traditional CSS-based, tableless layouts, and these new techniques that you as a web designer would hopefully consider while planning a standards-compliant site. I've also included what I believe are the pros and cons of each technique, links to examples, and where possible have credited their author and/or origins. This summary is a WIP.

Posted by Jacques Marneweck at 7:28 PM | Permalink | Comments (0) | TrackBacks (0)

For some odd reason Firefox 1.0.4 has been feeling slow of late. So I've upgraded to Deer Park RC1 which is moving towards becoming Firefox 1.1.0. So far so good. Deer Park seems to be using a lot less memory when browsing the .net and having numerous tabs opened to various websites.

About Deer Park

Posted by Jacques Marneweck at 6:16 PM | Permalink | Comments (0) | TrackBacks (0)

The folks at Clickatell also now have Clickatell Wholesale. Interesting stuff. I'm planning on forking SMS_Clickatell to SMS_Clickatell_Wholesale for using that gateway.

Posted by Jacques Marneweck at 6:05 PM | Permalink | Comments (0) | TrackBacks (0)

Jim has sold blo.gs to Yahoo!.

the sale of blo.gs has been completed, and i'm proud to announce that yahoo! has acquired the service. as of right now, give or take a few minutes, yahoo! is running blo.gs.

this is the sort of good home that i was looking for — yahoo! obviously has the resources to run and improve blo.gs in pace with the incredible growth of blogs (and syndication in general), and in talking with them it was also clear that we had some of the same vision for the future of the service and the ping/notification infrastructure.

Congrats to Jim on the sale. It's great that blo.gs is part of Yahoo!.

Jeremy goes on to say:

What are our plans for the service? Simple. Keep it running, make it scale, and make it even better (a lot like the Flickr plans).

Posted by Jacques Marneweck at 12:37 AM | Permalink | Comments (0) | TrackBacks (1)

I've created a patch for upgrading trac to 0.8.2 to fix the issues with subversion 1.2.0.

Specifically the svn >= 1.2.0 trouble ticket 1500 has been re-opened. Expect to see a patch for 0.8.3 once it is released to resolve the additional bug-fix.

Posted by Jacques Marneweck at 7:57 PM | Permalink | Comments (0) | TrackBacks (0)

I've downloaded SourcePuller to see if it runs under FreeBSD so that I can submit a port for SourcePuller to the FreeBSD project for others who are interested in the software. It's been a while since I've hacked any decent c code so the question is:

Compiling libsccs/open.c
In file included from libsccs/libsccs.h:346,
                 from libsccs/open.c:32:
libsccs/proto.h:162: error: syntax error before "comparison_fn_t"
*** Error code 1

Do you see anything weird in this snipbit of code?

void string_list_sort(const char **list);
const void *find_in_sorted_list(const void *el, const void *list,
                                unsigned count, size_t elsize,
                                comparison_fn_t cmp);
int interpret_timezone(const char *s);

Posted by Jacques Marneweck at 5:07 PM | Permalink | Comments (0) | TrackBacks (0)

Was fiddling with colobus this evening and now have the subversion developers mailing running on colobus. Now to just get round to shoving a web interface infront of colobus ;)

Posted by Jacques Marneweck at 7:27 PM | Permalink | Comments (0) | TrackBacks (0)

Today marks the 10th anniversary of PHP. Rasmus initially announced PHP 1.0 10 years ago today.

It is amazing how PHP has changed the web coding landscape. I remember back in the day using various combinations of shell scripts to generate HTML pages for various sites I was fiddling on for the 'semi dynamic content'. I rewrote some Novell netbasic scripts in perl for the #Cape_Town website where users had the ability to use the nickbrowser to view details about other people on that channel. The site was rewritten from scratch with a CMS, where the webteam members could post data, users could submit their own profile, and do various other bits and pieces. It was initially written using PHP3 and used Matt Robinson's file based session library which was the de-facto session management library for PHP3. The #Cape_Town website was one of my first websites developed with PHP, as it was much quicker and easier to do web development with PHP compared to perl.

Rasmus really did a great thing by inventing, sharing and nurturing PHP. While many, many people made it all happen, Rasmus (and, indirectly, Rasmus' wife Christine) is the baling wire and duct tape that held it all together.

There are numerous blog entries regarding PHP's 10th anniversary including that entry on the PHP.net homepage.

Zak sums it up better than I could:

Rasmus really did a great thing by inventing, sharing and nurturing PHP. While many, many people made it all happen, Rasmus (and, indirectly, Rasmus' wife Christine) is the baling wire and duct tape that held it all together.

• A Decade of PHP (Zak Greant)
• A Decade of PHP (Derick Rethans)
• Half a Decade of PHP (Davey Shafik)
• A decade of PHP
• 10 Jahre PHP
• John Coggeshall
• A Decade of PHP Wez Furlong
• age(PHP) = 10 years (Andrei Zmievski)
• Viva la PHP! (George Schlossnagle)

Posted by Jacques Marneweck at 7:31 AM | Permalink | Comments (0) | TrackBacks (0)

BitMovers press release.

Posted by Jacques Marneweck at 3:26 PM | Permalink | Comments (0) | TrackBacks (0)

Sara Golemon, PHP Developer, has written part II to an article on programming extensions for PHP. This article deals with Parameters, Arrays and ZVAL's. Her first article was Part I: Introduction to PHP and Zend.

Core developer and 'PECL Princess' Sara Golemon has written a number of extensions for PHP 4 and 5. She is also the person most likely to respond sympathetically to newcomers' queries about PHP internals.

This combination of hands-on experience and patience made Sara the natural choice to write an introductory series to PHP extension programming for zend.com.

Posted by Jacques Marneweck at 6:24 PM | Permalink | Comments (0) | TrackBacks (0)

Ilia posted a patch some time ago to the PHP Internals mailing list about making it possible to stop parsing a php file when you want to extract content from the bottom of the script such as a tarball.

Ilia has more including some 'sample code'.

Posted by Jacques Marneweck at 6:46 PM | Permalink | Comments (0) | TrackBacks (0)

Ilia brings up some good points in a post on his blog entitled Do people really care about security?.

A few days ago a friend of mine sent me a URL to an online store with a product he found interesting. When I went to the site, aside from the aforementioned product I saw a nice "Hacker Safe" logo, with the date (current date) which was supposed to assure me as a consumer that this site is "safe". Clicking on this logo took me to a page of a security company specializing in "helping sites protect you (the customer) from identity theft and credit card fraud", sounds good, I feel much safer already.

Curios about the truth of the site's hacker-safe claims, I decided to do a very basic test for Cross Site Scripting (XSS) by adding a small HTML string in the place of one of the parameter values in the get query. Imagine my surprise when rather then rejecting the clearly bogus value (number was expected, but non-numeric string was supplied), my input and the HTML tags found within were displayed verbatim. This little oversight would allow anyone to inject arbitrary content to be displayed as part of the store’s front end and if it contained HTML/JavaScript have it be parsed and executed. For example it would be trivial for someone to inject some JavaScript capable of stealing the current user's session and use it for their own gain. Identity theft here we come…

There are various articles about XSS:

• Bitflux's XSS Prevention wiki page
• Chris Shiflett's Foiling Cross Site Attacks
• Cross Site Scripting Info
• Understanding Malicious Content Mitigation For Web Developers

A XSS Toolkit would include examples of striping out tags, etc. etc. Running things like htmlspecialchars() against the text is one way of disabling the stuff. I saw an example a while back that disables the bulk of XSS attempts.

Posted by Jacques Marneweck at 6:32 PM | Permalink | Comments (0) | TrackBacks (0)

With all the noise regarding bitkeeper no longer being able to be utilised by Open Source projects, MySQL are looking at using the Subversion version control software.

infoworld caught on that other open-source projects are facing a decision about bitkeeper besides the linux kernel. while the article mentions we’re looking at subversion as an alternative for mysql server development, i don’t imagine that will be our long-term solution. distributed version control is just too nice. but our gui team has been using subversion for their projects for quite a while, and we are using it in many other places.

You have to love Larry's marketing spin on the saga that is brewing.

The Subversion Development Team explain why Subversion is not right for Linus and Debunking BitMover's Subversion Comparison.

Posted by Jacques Marneweck at 6:13 PM | Permalink | Comments (0) | TrackBacks (0)

So I finally got round to adding the 3.16 release of Movable Type to the Movable Type project listing on FreshMeat and today knowing how "lucky" I am Six Apart releases 3.17 during the wee hours of the morning so I have submitted the 3.17 release to FreshMeat.

Related links:

• Movable Type 3.17 Release

Posted by Jacques Marneweck at 7:53 PM | Permalink | Comments (0) | TrackBacks (0)

I suppose one of the things that was hacking me off about php5-fcgi was that it was ignoring the .htaccess file (rightfully so) and required a bit of tweaking of a custom php.ini for the php fastcgi to utilise so that one would get certain settings going prior to utilising my normal auto-prepend file.

For the past few weeks I've had to have quite a bit of stuff towards the top of my php scripts:

<?php
if ($_SERVER['SERVER_ADDR'] == 'XXX.XXX.XXX.XXX') {
    ini_set ('include_path', '*snip*');
    ini_set ('magic_quotes_gpc', 'off');
    ini_set ('magic_quotes_runtime', 'off');
    ini_set ('register_globals', 'off');
    ini_set ('display_errors', 'on');
    ini_set ('display_startup_errors', 'on');
    require_once 'powertrip-prepend.php';
}